VMSA-2019-0002

VMware Workstation update addresses elevation of privilege issues

VMware Security Advisory
 
VMware Security Advisory Advisory ID:
VMSA-2019-0002
VMware Security Advisory Severity:
 Important
VMware Security Advisory Synopsis:
 VMware Workstation update addresses elevation of privilege issues.
VMware Security Advisory Issue date:
 2019-03-14
VMware Security Advisory Updated on:
 2019-03-14 (Initial Advisory)
VMware Security Advisory CVE numbers:
CVE-2019-5511, CVE-2019-5512
 
1. Summary

VMware Workstation update addresses elevation of privilege issues.

 

 
2. Relevant Products
  • VMware Workstation Pro / Player (Workstation)
 
3. Problem Description

a. The creation of the VMX process on a Windows host can be hijacked leading to elevation of privilege.

 

Workstation does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.

 

VMware would like to thank James Forshaw of Google Project Zero for reporting this issue to us.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5511 to this issue.

 

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Mitigation/ Workaround
VMware Product Workstation
Product Version 15.x
Running on Windows
Severity Important
Replace with/ Apply Patch 15.0.3
Mitigation/ Workaround None
VMware Product Workstation
Product Version 15.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A
VMware Product Workstation
Product Version 14.x
Running on Windows
Severity Important
Replace with/ Apply Patch 14.1.6
Mitigation/ Workaround None
VMware Product Workstation
Product Version 14.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A

 

b. VMware Workstation COM classes used by the VMX process on a Windows host can be hijacked leading to elevation of privilege.

 

COM classes are not handled appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

 

VMware would like to thank James Forshaw of Google Project Zero for reporting this issue to us.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2019-5512 to this issue.

 

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

VMware Product
Product Version
Running on
Severity
Replace with/ Apply Patch
Mitigation/ Workaround
VMware Product Workstation
Product Version 15.x
Running on Windows
Severity Important
Replace with/ Apply Patch 15.0.3
Mitigation/ Workaround None
VMware Product Workstation
Product Version 15.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A
VMware Product Workstation
Product Version 14.x
Running on Windows
Severity Important
Replace with/ Apply Patch 14.1.6
Mitigation/ Workaround None
VMware Product Workstation
Product Version 14.x
Running on Linux
Severity N/A
Replace with/ Apply Patch Not Affected
Mitigation/ Workaround N/A

 

4. Solution

Please review the patch/release notes for your product and  version and verify the checksum of your downloaded file. 

 

   VMware Workstation Pro 14.1.6, 15.0.3
   Downloads and Documentation:
   https://www.vmware.com/go/downloadworkstation
   https://docs.vmware.com/en/VMware-Workstation-Pro/index.html

 

   VMware Workstation Player 14.1.6, 15.0.3 
   Downloads and Documentation:
   https://www.vmware.com/go/downloadplayer
   https://docs.vmware.com/en/VMware-Workstation-Player/index.html

 

6. Change log

 

2019-03-14: VMSA-2019-0002
Initial security advisory in conjunction with the release of VMware Workstation 14.1.6 and 15.0.3 on 2019-03-14.

 

7. Contact

 

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

https://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2019 VMware Inc. All rights reserved.